Exploitdb Exploits
50,095 exploits tracked across all sources.
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
by Metasploit
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
by Metasploit
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via SSH
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
by Core Security
CVSS 8.8
Grundig Smart Inter@ctive TV 3.0 - Cross-Site Request Forgery via TCP Port 8085
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
by t4rkd3vilz
CVSS 8.8
CeLa Link CLR-M20 - Unauthenticated Remote Code Execution via WebDAV PUT Method
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
by Safak Aslan
CVSS 9.8
Microsoft Edge and ChakraCore - Remote Code Execution via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
by Google Security Research
CVSS 7.5
ChakraCore < 1.8.3 - Memory Contents Exposure via Scripting Engine
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
by Google Security Research
CVSS 7.5
Microsoft Edge and ChakraCore - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
by Google Security Research
CVSS 7.5
IBM Security QRadar SIEM <7.4 - Auth Bypass
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
by Metasploit
CVSS 8.8
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
by Carlos Avila
IBM QRadar 7.2-7.3 - Improper Access Control
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.
by Metasploit
CVSS 4.2
IBM QRadar SIEM 7.2-7.3 - Unauthenticated Exposure of Sensitive Information
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.
by Metasploit
CVSS 5.8
instagram-clone < 2018-04-23 - Cross-Site Scripting via edit_requests.php onmouseover Payload
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.
by L0RD
CVSS 6.1
Safari < 11.1.1 - Remote Code Execution via WebKit Race Condition
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.
by ret2
CVSS 7.5
D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
by Thomas Zuk
CVSS 7.5
WolfSight CMS 3.2 - SQL Injection via PATH_INFO
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
by Berk Dusunur
CVSS 9.8
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
by rlarabee
CVSS 7.8
Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.
by Achilles
CVSS 8.4
Call of Duty Modern Warfare 2 < 2018-04-26 - Remote Code Execution via Stack-Based Buffer Overflow
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
by Maurice Heumann
CVSS 10.0
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
by Ahmed Elhady Mohamed
GitList 0.6.0 - Argument Injection (Metasploit)
by Metasploit
GitList 0.6.0 - Argument Injection (Metasploit)
by Metasploit
HP VAN SDN Controller - Root Command Injection (Metasploit)
by Metasploit
By Source